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CLAIMS 

What is claimed is: 



11. A method comprising: 

2 determining which system resources of a computer system, if any, are to remain 

3 under control of a resident operating system of the computer system and which of the 

4 system resources are to be placed under control of one or more customized execution 

5 environments (CE s) that are to be established within the computer system; and 

6 partitioning the system resources among the resident operating system and the one 

7 or more CE 2 s by associating one or more partitions of the system resources with the one 

8 or more CE 2 s. 

1 2. The method of claim 1 , wherein said partitioning the system resources comprises the 

2 resident operating system configuring the one or more partitions using hardware-based 

3 isolation techniques provided by one or more processors of the computer system. 

1 3. The method of claim 2, further comprising the resident operating system entering a 

2 dormant state . 

1 4. The method of claim 1 , wherein said partitioning the system resources comprises the 

2 operating system configuring the one or more partitions using a secure-platform interface. 

1 5. The method of claim 4, further comprising the resident operating system retaining full 

2 control of one or more of the partitions and remaining active after said partitioning the 

3 system resources. 

1 6. The method of claim 1, wherein said partitioning the system resources comprises a 

2 system administrator configuring the one or more partitions using hardware partitioning 

3 capability provided by the computer system. 



Docket No.: 73153-302255 
Express Mail No.: EL 971 197699 US 



1 7. The method of claim 6, further comprising separately booting the resident operating 

2 system and the one or more CE 2 s within their respective configured partitions. 

9 9 

1 8. The method of claim 1 , further comprising a CE'ofthe one or more CE s making use of 

2 capabilities of the computer system not supported by the resident operating system. 

1 9. The method of claim 1 , wherein a CE 2 of the one or more CE 2 s comprises both statically 

2 linked system code and data modules and application code and data modules. 

1 10. The method of claim 1, wherein functional capabilities of a CE 2 of the one or more CE 2 s 

2 is strictly limited to only those services required by a small set of predetermined 

3 applications. 

9 9 

1 11. The method of claim 1 , wherein an application within a CE of the one or more CE s is 

2 limited to a single thread of execution in a processor controlled by the CE 2 . 

3 12. The method of claim 1 , wherein a CE 2 of the one or more CE 2 s utilizes hardware 

4 capabilities not supported by the resident operating system. 

5 13. The method of claim 1 , wherein services provided to an application within a CE 2 of the 

6 one or more CE 2 s enable the application to recover and continue from a system error. 

9 9 

1 14. The method of claim 1 , wherein a CE of the one or more CE s is non-portable. 

— 9 

1 15. The method of claim 1 ? wherein services provided to an application within a CE of the 

2 one or more CE 2 s utilize no general-purpose operating system abstractions. 

3 16. The method of claim 1 3 wherein services within a CE 2 employ entirely different resource 

4 management strategies than those used by a general-purpose operating system. 
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1 17. A method comprising: 

2 an operating system of a computer system receiving information regarding a 

3 customized execution environment (CE ); 

4 the operating system partitioning system resources of the computer system, 

5 including one or more processors and one or more ranges of physical memory, by (i) 

6 determining which of the system resources, if any, are to remain under control of the 

7 operating system and which of the system resources are to be placed under control of the 

8 CE 2 , and (ii) associating a first partition of the system resources with the CE 2 ; and 

9 the operating system surrendering full control of the first partition of the system 
1 0 resources to the CE 2 . 

1 18. The method of claim 1 7, wherein the information regarding a CE 2 includes a directive to 

2 partition resources and an associated partition descriptor, the partition descriptor 

3 identifying resources needed by the CE and indicating how partitions are to be 

4 configured. 

1 19. The method of claim 17, wherein said associating a first partition of the system resources 

2 with the CE 2 comprises disassociating those of the system resources in the first partition 

3 from the operating system and reconfiguring interrupts. 

1 20. The method of claim 1 7, further comprising: 

2 the operating system retaining full control of a second partition of the system 

3 resources; and 

4 isolating the second partition of the system resources to protect the system 

5 resources associated with the operating system from the CE 2 by employing hardware 

6 isolation. 
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1 21 . The method of claim 20, further comprising isolating the first partition of the system 

2 resources to protect the system resources associated with the CE 2 from the operating 

3 system by employing hardware isolation. 

1 22. The method of claim 20, wherein the hardware isolation comprises establishing one or 

2 more disjoint sets of protection keys for one or more operations on one or more ranges of 

3 virtually addressed memory in the first or second partitions of the system resources. 

4 23. The method of claim 20, wherein the hardware isolation comprises establishing one or 

5 more disjoint sets of region identifiers for one or more operations on one or more ranges 

6 of virtually addressed memory in the first or second partitions of the system resources. 

7 24. The method of claim 20, wherein the hardware isolation comprises associating one or 

8 more ranges of memory in the second partition of the system resources with a processor 

9 in the second partition, and associating one or more ranges of memory in the first 

10 partition of the system resources with a processor in the first partition. 

11 25. The method of claim 24, wherein said associating one or more ranges of memory in the 

12 second partition of the system resources with a processor in the second partition, and said 

1 3 associating one or more ranges of memory in the first partition of the system resources 

14 with a processor in the first partition, comprises employing a region-identifier-based 

1 5 memory partitioning mechanism. 

1 26. The method of claim 1 7, further comprising: 

2 receiving an indication that the CE 2 is terminating; and 

3 the operating system assuming control of the first partition of the system 

4 resources. 
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1 27. A system comprising: 

2 one or more storage devices having stored thereon software images of a resident 

3 operating system and customized control environment and services associated with one or 

4 more custom execution environments (CE 2 ); 

5 one or more processors, coupled to the one or more storage devices, to execute the 

6 resident operating system and the customized control environment and services, where: 

7 a determination is made with respect to which portion, if any, of resources of the 

8 system, including the one or more processors and memory of the system, are to remain 

9 under control of the resident operating system and which portion of the resources are to 

1 0 be placed under control of the one or more CE 2 s; and 

1 1 the resources are partitioned among the resident operating system and the one or 

12 more CE 2 s by associating one or more portions of the resources with the one or more 

13 CE 2 s. 

1 28. A server comprising: 

2 one or more storage devices having stored thereon software images of an 

3 operating system and customized control environment and services associated with a 

4 concurrent custom execution environment (C 2 E 2 ), the operating system capable of 

5 establishing a first partition of system resources for use and control by the operating 

6 system and a secpnd partition of system resources for use and control by the C 2 E 2 ; 

7 one or more processors, coupled to the one or more storage devices, to execute the 

8 operating system and the customized control environment and services, where: 

9 a first portion of the one or more storage devices, a first portion of the one or more 

10 processors, a first portion of memory, and a first portion of one or more input/output (I/O) 

1 1 devices are associated with the first partition by the operating system; 

12 a second portion of the one or more storage devices, a second portion of the one or 

1 3 more processors, a second portion of the memory, and a second portion of the one or 
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14 more input/output (I/O) devices are associated with the second partition by the operating 

15 system; 

16 the first partition is isolated to protect the system resources associated with the 

9 9 

1 7 operating system from the C E by employing hardware-based security measures; and 

9 9 

1 8 full control of the second partition is surrendered to the C E by the operating 

19 system initializing and invoking the customized control environment and services in the 

20 second portion of memory. 

1 29. The server of claim 28, wherein the second partition is isolated to protect the system 

9 9 

2 resources associated with the C E from the operating system by employing hardware- 

3 based security measures. 

1 30. The server of claim 28, wherein the customized control environment and services are 

2 non-portable. 

1 31. The server of claim 28, wherein the first partition includes at least one processor. 

1 32. The server of claim 28, wherein the second partition includes at least one processor. 

1 33. The server of claim 28, wherein the one or more storage devices have stored thereon a 

2 software image of a customized application for which a computational structure of the 

3 customized control environment and services has been tuned. 

1 34. The server of claim 33, wherein the customized application comprises a web edge engine. 

1 35. The server of claim 34, wherein the web edge engine comprises a web server. 

1 36. The server of claim 34, wherein the web edge engine comprises an application server. 

1 37. The server of claim 34, wherein the web edge engine comprises a communication server. 

1 38. The server of claim 28, wherein a communication channel is maintained between the first 

2 partition and the second partition, and wherein a dynamic content generator executes 
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3 within the first partition and provides dynamic content to the web server via the 

4 communication channel. 

1 39. The server of claim 28, wherein the hardware-based security measures comprise use of 

2 one or more of region identifiers, protection identifiers, and memory page access rights 

3 values. 

1 40. An operating system comprising: 

2 a means for partitioning system resources into at least a first partition to remain 

3 under the control of the operating system and a second partition that is to be placed under 

4 the full control of a concurrent custom execution environment (C 2 E 2 ); 

5 an interface means to hardware-based isolation features for protecting the system 

6 resources of the first partition against access bytheC 2 E 2 ; 

7 a means for transferring full control of the system resources of the second 

8 partition to the C 2 E 2 , including initializing and invoking customized control and services 

9 associated with the C 2 E 2 ; and 

10 a means for providing communication between the first partition and the second 

11 partition. 

1 41 . The operating system of claim 40, further comprising a means for reincorporating 

2 partitioned system resources. 

1 42. The operating system of claim 40, further comprising: 

2 separate means for operator control of the operating system and the C 2 E 2 ; and 

3 separate interface means for monitoring the operating system and the C 2 E 2 . 

1 43. An operating system comprising: 

2 a means for communicating with one or more concurrent custom execution 

3 environments (C 2 E 2 s) operating within and controlling respective hardware-enforced 
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4 partitions of system resources separate from a hardware-enforced partition of system 

5 resources in which the operating system resides; and 

6 a means for causing a C 2 E 2 of the one or more C 2 E 2 s to begin processing or to 

7 terminate. 
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